Vulnerabilities (CVE)

Filtered by vendor Thedaylightstudio
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24950 1 Thedaylightstudio 1 Fuel Cms 2023-08-16 N/A 8.8 HIGH
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9 allows remote attackers to execute arbitrary code via the col parameter to function list_items.
CVE-2021-44117 1 Thedaylightstudio 1 Fuel Cms 2022-06-17 6.8 MEDIUM 8.8 HIGH
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
CVE-2021-38723 1 Thedaylightstudio 1 Fuel Cms 2021-09-20 6.5 MEDIUM 8.8 HIGH
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items.
CVE-2021-38290 1 Thedaylightstudio 1 Fuel Cms 2021-08-17 6.8 MEDIUM 8.1 HIGH
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
CVE-2020-23722 1 Thedaylightstudio 1 Fuel Cms 2021-07-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.
CVE-2019-15229 1 Thedaylightstudio 1 Fuel Cms 2019-08-26 6.8 MEDIUM 8.8 HIGH
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
CVE-2018-20188 1 Thedaylightstudio 1 Fuel Cms 2019-01-07 6.8 MEDIUM 8.8 HIGH
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
CVE-2018-16416 1 Thedaylightstudio 1 Fuel Cms 2018-10-25 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.